[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.10.55' (ECDSA) to the list of known hosts.
syzkaller login: [ 43.021102][ T6821] IPVS: ftp: loaded support on port[0] = 21
[ 43.112008][ T6821] chnl_net:caif_netlink_parms(): no params data found
[ 43.157877][ T6821] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.165392][ T6821] bridge0: port 1(bridge_slave_0) entered disabled state
[ 43.174171][ T6821] device bridge_slave_0 entered promiscuous mode
[ 43.182053][ T6821] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.189984][ T6821] bridge0: port 2(bridge_slave_1) entered disabled state
[ 43.197974][ T6821] device bridge_slave_1 entered promiscuous mode
[ 43.216317][ T6821] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 43.227027][ T6821] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 43.247437][ T6821] team0: Port device team_slave_0 added
[ 43.255003][ T6821] team0: Port device team_slave_1 added
[ 43.269954][ T6821] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 43.276957][ T6821] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 43.303573][ T6821] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 43.316143][ T6821] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 43.323502][ T6821] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 43.349793][ T6821] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 43.373954][ T6821] device hsr_slave_0 entered promiscuous mode
[ 43.380545][ T6821] device hsr_slave_1 entered promiscuous mode
[ 43.460379][ T6821] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 43.470129][ T6821] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 43.482813][ T6821] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 43.491105][ T6821] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 43.513516][ T6821] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.520697][ T6821] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 43.528272][ T6821] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.535369][ T6821] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 43.571539][ T6821] 8021q: adding VLAN 0 to HW filter on device bond0
[ 43.586131][ T2463] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 43.596314][ T2463] bridge0: port 1(bridge_slave_0) entered disabled state
[ 43.604606][ T2463] bridge0: port 2(bridge_slave_1) entered disabled state
[ 43.612155][ T2463] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 43.624167][ T6821] 8021q: adding VLAN 0 to HW filter on device team0
[ 43.635334][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 43.643910][ T37] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.650922][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 43.673235][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 43.681508][ T37] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.688584][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 43.696582][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 43.705368][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 43.719313][ T6821] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 43.730442][ T6821] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 43.744211][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 43.751832][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 43.760909][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 43.769377][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 43.785851][ T2463] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 43.793258][ T2463] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 43.807080][ T6821] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 43.822763][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 43.839167][ T2463] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 43.848480][ T2463] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 43.856766][ T2463] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 43.866674][ T6821] device veth0_vlan entered promiscuous mode
[ 43.877072][ T6821] device veth1_vlan entered promiscuous mode
[ 43.896202][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 43.904721][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 43.913349][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 43.923548][ T6821] device veth0_macvtap entered promiscuous mode
[ 43.931689][ T6821] device veth1_macvtap entered promiscuous mode
[ 43.947362][ T6821] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 43.954770][ T2463] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 43.965452][ T2463] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 43.976918][ T6821] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 43.985144][ T2463] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 43.996070][ T6821] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 44.005116][ T6821] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 44.013894][ T6821] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
executing program
[ 44.022693][ T6821] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 44.056950][ T6821] ttyprintk ttyprintk: tty_port_close_start: tty->count = 1 port count = 2
[ 44.066030][ C1]
[ 44.066033][ C1] ======================================================
[ 44.066035][ C1] WARNING: possible circular locking dependency detected
[ 44.066036][ C1] 5.9.0-rc3-syzkaller #0 Not tainted
[ 44.066038][ C1] ------------------------------------------------------
[ 44.066040][ C1] syz-executor422/6821 is trying to acquire lock:
[ 44.066041][ C1] ffffffff894fc9c0 (console_owner){-.-.}-{0:0}, at: console_lock_spinning_enable+0x2d/0x60
[ 44.066046][ C1]
[ 44.066048][ C1] but task is already holding lock:
[ 44.066049][ C1] ffffffff8c3267a0 (&port->lock#2){-.-.}-{2:2}, at: tty_port_close_start+0x58/0x550
[ 44.066054][ C1]
[ 44.066056][ C1] which lock already depends on the new lock.
[ 44.066057][ C1]
[ 44.066058][ C1]
[ 44.066059][ C1] the existing dependency chain (in reverse order) is:
[ 44.066060][ C1]
[ 44.066061][ C1] -> #2 (&port->lock#2){-.-.}-{2:2}:
[ 44.066066][ C1]        lock_acquire+0x140/0x6f0
[ 44.066068][ C1]        _raw_spin_lock_irqsave+0xaa/0xd0
[ 44.066069][ C1]        tty_port_tty_get+0x21/0xe0
[ 44.066070][ C1]        tty_port_default_wakeup+0x11/0x40
[ 44.066072][ C1]        serial8250_tx_chars+0x5ea/0x800
[ 44.066073][ C1]        serial8250_handle_irq+0x2fd/0x3e0
[ 44.066075][ C1]        serial8250_default_handle_irq+0xac/0x190
[ 44.066076][ C1]        serial8250_interrupt+0x93/0x180
[ 44.066078][ C1]        __handle_irq_event_percpu+0x1f1/0x6e0
[ 44.066079][ C1]        handle_irq_event+0xbd/0x280
[ 44.066081][ C1]        handle_edge_irq+0x245/0xbf0
[ 44.066082][ C1]        asm_call_on_stack+0xf/0x20
[ 44.066083][ C1]        common_interrupt+0x13c/0x230
[ 44.066085][ C1]        asm_common_interrupt+0x1e/0x40
[ 44.066086][ C1]        native_safe_halt+0xe/0x10
[ 44.066087][ C1]        acpi_safe_halt+0x8f/0x140
[ 44.066089][ C1]        acpi_idle_enter+0x3ef/0xac0
[ 44.066090][ C1]        cpuidle_enter_state+0x38d/0x950
[ 44.066092][ C1]        cpuidle_enter+0x59/0x90
[ 44.066093][ C1]        do_idle+0x4a7/0x650
[ 44.066094][ C1]        cpu_startup_entry+0x15/0x20
[ 44.066096][ C1]        secondary_startup_64+0xa4/0xb0
[ 44.066096][ C1]
[ 44.066097][ C1] -> #1 (&port->lock){-.-.}-{2:2}:
[ 44.066102][ C1]        lock_acquire+0x140/0x6f0
[ 44.066103][ C1]        _raw_spin_lock_irqsave+0xaa/0xd0
[ 44.066105][ C1]        serial8250_console_write+0x145/0xd10
[ 44.066106][ C1]        console_unlock+0x94c/0xe20
[ 44.066107][ C1]        vprintk_emit+0x205/0x370
[ 44.066109][ C1]        printk+0x62/0x83
[ 44.066110][ C1]        register_console+0x7a6/0xab0
[ 44.066111][ C1]        univ8250_console_init+0x41/0x43
[ 44.066113][ C1]        console_init+0x52/0x97
[ 44.066114][ C1]        start_kernel+0x319/0x57c
[ 44.066115][ C1]        secondary_startup_64+0xa4/0xb0
[ 44.066116][ C1]
[ 44.066117][ C1] -> #0 (console_owner){-.-.}-{0:0}:
[ 44.066122][ C1]        validate_chain+0x1b0c/0x88a0
[ 44.066123][ C1]        __lock_acquire+0x110b/0x2ae0
[ 44.066124][ C1]        lock_acquire+0x140/0x6f0
[ 44.066126][ C1]        console_lock_spinning_enable+0x52/0x60
[ 44.066127][ C1]        console_unlock+0x77f/0xe20
[ 44.066128][ C1]        vprintk_emit+0x205/0x370
[ 44.066130][ C1]        printk+0x62/0x83
[ 44.066131][ C1]        tty_port_close_start+0x3c8/0x550
[ 44.066132][ C1]        tty_port_close+0x25/0x140
[ 44.066134][ C1]        tty_release+0x378/0xf90
[ 44.066135][ C1]        __fput+0x34f/0x7b0
[ 44.066136][ C1]        task_work_run+0x137/0x1c0
[ 44.066138][ C1]        exit_to_user_mode_prepare+0x11a/0x1e0
[ 44.066139][ C1]        syscall_exit_to_user_mode+0x82/0x1d0
[ 44.066141][ C1]        entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 44.066142][ C1]
[ 44.066143][ C1] other info that might help us debug this:
[ 44.066144][ C1]
[ 44.066145][ C1] Chain exists of:
[ 44.066146][ C1]   console_owner --> &port->lock --> &port->lock#2
[ 44.066152][ C1]
[ 44.066153][ C1]  Possible unsafe locking scenario:
[ 44.066154][ C1]
[ 44.066156][ C1]        CPU0                    CPU1
[ 44.066157][ C1]        ----                    ----
[ 44.066158][ C1]   lock(&port->lock#2);
[ 44.066161][ C1]                                lock(&port->lock);
[ 44.066165][ C1]                                lock(&port->lock#2);
[ 44.066168][ C1]   lock(console_owner);
[ 44.066170][ C1]
[ 44.066171][ C1]  *** DEADLOCK ***
[ 44.066172][ C1]
[ 44.066174][ C1] 3 locks held by syz-executor422/6821:
[ 44.066174][ C1]  #0: ffff8880a1ae31c0 (&tty->legacy_mutex){+.+.}-{3:3}, at: tty_release+0xa5/0xf90
[ 44.066180][ C1]  #1: ffffffff8c3267a0 (&port->lock#2){-.-.}-{2:2}, at: tty_port_close_start+0x58/0x550
[ 44.066186][ C1]  #2: ffffffff894fc8a0 (console_lock){+.+.}-{0:0}, at: vprintk_emit+0x1e8/0x370
[ 44.066192][ C1]
[ 44.066193][ C1] stack backtrace:
[ 44.066195][ C1] CPU: 1 PID: 6821 Comm: syz-executor422 Not tainted 5.9.0-rc3-syzkaller #0
[ 44.066197][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 44.066198][ C1] Call Trace:
[ 44.066199][ C1]  dump_stack+0x1d6/0x29e
[ 44.066200][ C1]  print_circular_bug+0xc72/0xea0
[ 44.066202][ C1]  ? stack_trace_save+0xad/0x150
[ 44.066203][ C1]  ? save_trace+0x49/0xba0
[ 44.066204][ C1]  check_noncircular+0x1fb/0x3a0
[ 44.066206][ C1]  validate_chain+0x1b0c/0x88a0
[ 44.066210][ C1]  ? mark_lock+0x102/0x1b00
[ 44.066211][ C1]  ? mark_lock+0x102/0x1b00
[ 44.066213][ C1]  ? put_dec_trunc8+0x19a/0x290
[ 44.066214][ C1]  ? number+0xf14/0x1190
[ 44.066215][ C1]  ? skip_atoi+0xb5/0xd0
[ 44.066216][ C1]  __lock_acquire+0x110b/0x2ae0
[ 44.066218][ C1]  ? lock_is_held_type+0xb3/0xe0
[ 44.066219][ C1]  lock_acquire+0x140/0x6f0
[ 44.066220][ C1]  ? console_lock_spinning_enable+0x2d/0x60
[ 44.066222][ C1]  ? do_raw_spin_unlock+0x134/0x8d0
[ 44.066223][ C1]  console_lock_spinning_enable+0x52/0x60
[ 44.066224][ C1]  ? console_lock_spinning_enable+0x2d/0x60
[ 44.066226][ C1]  console_unlock+0x77f/0xe20
[ 44.066227][ C1]  ? __down_trylock_console_sem+0x151/0x180
[ 44.066228][ C1]  ? vprintk_emit+0x1e8/0x370
[ 44.066230][ C1]  ? vprintk_emit+0x1e8/0x370
[ 44.066231][ C1]  vprintk_emit+0x205/0x370
[ 44.066232][ C1]  printk+0x62/0x83
[ 44.066233][ C1]  ? _raw_spin_lock_irqsave+0x84/0xd0
[ 44.066235][ C1]  tty_port_close_start+0x3c8/0x550
[ 44.066236][ C1]  tty_port_close+0x25/0x140
[ 44.066237][ C1]  ? tpk_open+0x60/0x60
[ 44.066238][ C1]  tty_release+0x378/0xf90
[ 44.066239][ C1]  ? ima_file_free+0xea/0x3b0
[ 44.066241][ C1]  ? tty_release_struct+0xd0/0xd0
[ 44.066242][ C1]  __fput+0x34f/0x7b0
[ 44.066243][ C1]  task_work_run+0x137/0x1c0
[ 44.066245][ C1]  exit_to_user_mode_prepare+0x11a/0x1e0
[ 44.066246][ C1]  syscall_exit_to_user_mode+0x82/0x1d0
[ 44.066247][ C1]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 44.066249][ C1] RIP: 0033:0x4081c1
[ 44.066253][ C1] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 24 1a 00 00 c3 48 83 ec 08 e8 6a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 b3 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
[ 44.066254][ C1] RSP: 002b:00007ffe7bc42860 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 44.066258][ C1] RAX: 0000000000000000 RBX: 00007ffe7bc42890 RCX: 00000000004081c1
[ 44.066259][ C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 44.066261][ C1] RBP: 00007ffe7bc428f0 R08: 0000006e0000005b R09: 0000006e0000005b
[ 44.066263][ C1] R10: 00007ffe7bc42890 R11: 0000000000000293 R12: 0000000000000004
[ 44.066265][ C1] R13: 0000000000000064 R14: 0000000000000000 R15: 00000000006dfc3c